<!DOCTYPE HTML>

<html lang="en">
<head>

<title>UsernamePasswordAuthenticationToken (spring-security-docs 5.6.3 API)</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="Style">
<link rel="stylesheet" type="text/css" href="../../../../jquery/jquery-ui.css" title="Style">
<script type="text/javascript" src="../../../../script.js"></script>
<script type="text/javascript" src="../../../../jquery/jszip/dist/jszip.min.js"></script>
<script type="text/javascript" src="../../../../jquery/jszip-utils/dist/jszip-utils.min.js"></script>
<!--[if IE]>
<script type="text/javascript" src="../../../../jquery/jszip-utils/dist/jszip-utils-ie.min.js"></script>
<![endif]-->
<script type="text/javascript" src="../../../../jquery/jquery-3.5.1.js"></script>
<script type="text/javascript" src="../../../../jquery/jquery-ui.js"></script>
</head>
<body>
<script type="text/javascript"><!--
    try {
        if (location.href.indexOf('is-external=true') == -1) {
            parent.document.title="UsernamePasswordAuthenticationToken (spring-security-docs 5.6.3 API)";
        }
    }
    catch(err) {
    }
//-->
var data = {"i0":10,"i1":10,"i2":10,"i3":10};
var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"]};
var altColor = "altColor";
var rowColor = "rowColor";
var tableTab = "tableTab";
var activeTableTab = "activeTableTab";
var pathtoroot = "../../../../";
var useModuleDirectories = true;
loadScripts(document, 'script');</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<header role="banner">
<nav role="navigation">
<div class="fixedNav">

<div class="topNav"><a id="navbar.top">

</a>
<div class="skipNav"><a href="UsernamePasswordAuthenticationToken.html#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div>
<a id="navbar.top.firstrow">

</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../index.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../index-all.html">Index</a></li>
<li><a href="../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList" id="allclasses_navbar_top">
<li><a href="../../../../allclasses.html">All&nbsp;Classes</a></li>
</ul>
<ul class="navListSearch">
<li><label for="search">SEARCH:</label>
<input type="text" id="search" value="search" disabled="disabled">
<input type="reset" id="reset" value="reset" disabled="disabled">
</li>
</ul>
<div>
<script type="text/javascript"><!--
  allClassesLink = document.getElementById("allclasses_navbar_top");
  if(window==top) {
    allClassesLink.style.display = "block";
  }
  else {
    allClassesLink.style.display = "none";
  }
  //-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="UsernamePasswordAuthenticationToken.html#constructor.summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="UsernamePasswordAuthenticationToken.html#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="UsernamePasswordAuthenticationToken.html#constructor.detail">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="UsernamePasswordAuthenticationToken.html#method.detail">Method</a></li>
</ul>
</div>
<a id="skip.navbar.top">

</a></div>

</div>
<div class="navPadding">&nbsp;</div>
<script type="text/javascript"><!--
$('.navPadding').css('padding-top', $('.fixedNav').css("height"));
//-->
</script>
</nav>
</header>

<main role="main">
<div class="header">
<div class="subTitle"><span class="packageLabelInType">Package</span>&nbsp;<a href="package-summary.html">org.springframework.security.authentication</a></div>
<h2 title="Class UsernamePasswordAuthenticationToken" class="title">Class UsernamePasswordAuthenticationToken</h2>
</div>
<div class="contentContainer">
<ul class="inheritance">
<li>java.lang.Object</li>
<li>
<ul class="inheritance">
<li><a href="AbstractAuthenticationToken.html" title="class in org.springframework.security.authentication">org.springframework.security.authentication.AbstractAuthenticationToken</a></li>
<li>
<ul class="inheritance">
<li>org.springframework.security.authentication.UsernamePasswordAuthenticationToken</li>
</ul>
</li>
</ul>
</li>
</ul>
<div class="description">
<ul class="blockList">
<li class="blockList">
<dl>
<dt>All Implemented Interfaces:</dt>
<dd><code>java.io.Serializable</code>, <code>java.security.Principal</code>, <code><a href="../core/Authentication.html" title="interface in org.springframework.security.core">Authentication</a></code>, <code><a href="../core/CredentialsContainer.html" title="interface in org.springframework.security.core">CredentialsContainer</a></code></dd>
</dl>
<dl>
<dt>Direct Known Subclasses:</dt>
<dd><code><a href="jaas/JaasAuthenticationToken.html" title="class in org.springframework.security.authentication.jaas">JaasAuthenticationToken</a></code></dd>
</dl>
<hr>
<pre>public class <span class="typeNameLabel">UsernamePasswordAuthenticationToken</span>
extends <a href="AbstractAuthenticationToken.html" title="class in org.springframework.security.authentication">AbstractAuthenticationToken</a></pre>
<div class="block">An <a href="../core/Authentication.html" title="interface in org.springframework.security.core"><code>Authentication</code></a> implementation that is
designed for simple presentation of a username and password.
<p>
The <code>principal</code> and <code>credentials</code> should be set with an
<code>Object</code> that provides the respective property via its
<code>Object.toString()</code> method. The simplest such <code>Object</code> to use is
<code>String</code>.</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../serialized-form.html#org.springframework.security.authentication.UsernamePasswordAuthenticationToken">Serialized Form</a></dd>
</dl>
</li>
</ul>
</div>
<div class="summary">
<ul class="blockList">
<li class="blockList">

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="constructor.summary">

</a>
<h3>Constructor Summary</h3>
<table class="memberSummary">
<caption><span>Constructors</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Constructor</th>
<th class="colLast" scope="col">Description</th>
</tr>
<tr class="altColor">
<th class="colConstructorName" scope="row"><code><span class="memberNameLink"><a href="UsernamePasswordAuthenticationToken.html#%3Cinit%3E(java.lang.Object,java.lang.Object)">UsernamePasswordAuthenticationToken</a></span>&#8203;(java.lang.Object&nbsp;principal,
java.lang.Object&nbsp;credentials)</code></th>
<td class="colLast">
<div class="block">This constructor can be safely used by any code that wishes to create a
<code>UsernamePasswordAuthenticationToken</code>, as the <a href="AbstractAuthenticationToken.html#isAuthenticated()"><code>AbstractAuthenticationToken.isAuthenticated()</code></a>
will return <code>false</code>.</div>
</td>
</tr>
<tr class="rowColor">
<th class="colConstructorName" scope="row"><code><span class="memberNameLink"><a href="UsernamePasswordAuthenticationToken.html#%3Cinit%3E(java.lang.Object,java.lang.Object,java.util.Collection)">UsernamePasswordAuthenticationToken</a></span>&#8203;(java.lang.Object&nbsp;principal,
java.lang.Object&nbsp;credentials,
java.util.Collection&lt;? extends <a href="../core/GrantedAuthority.html" title="interface in org.springframework.security.core">GrantedAuthority</a>&gt;&nbsp;authorities)</code></th>
<td class="colLast">
<div class="block">This constructor should only be used by <code>AuthenticationManager</code> or
<code>AuthenticationProvider</code> implementations that are satisfied with
producing a trusted (i.e.</div>
</td>
</tr>
</table>
</li>
</ul>
</section>

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="method.summary">

</a>
<h3>Method Summary</h3>
<table class="memberSummary">
<caption><span id="t0" class="activeTableTab"><span>All Methods</span><span class="tabEnd">&nbsp;</span></span><span id="t2" class="tableTab"><span><a href="javascript:show(2);">Instance Methods</a></span><span class="tabEnd">&nbsp;</span></span><span id="t4" class="tableTab"><span><a href="javascript:show(8);">Concrete Methods</a></span><span class="tabEnd">&nbsp;</span></span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colSecond" scope="col">Method</th>
<th class="colLast" scope="col">Description</th>
</tr>
<tr id="i0" class="altColor">
<td class="colFirst"><code>void</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="UsernamePasswordAuthenticationToken.html#eraseCredentials()">eraseCredentials</a></span>()</code></th>
<td class="colLast">
<div class="block">Checks the <code>credentials</code>, <code>principal</code> and <code>details</code> objects,
invoking the <code>eraseCredentials</code> method on any which implement
<a href="../core/CredentialsContainer.html" title="interface in org.springframework.security.core"><code>CredentialsContainer</code></a>.</div>
</td>
</tr>
<tr id="i1" class="rowColor">
<td class="colFirst"><code>java.lang.Object</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="UsernamePasswordAuthenticationToken.html#getCredentials()">getCredentials</a></span>()</code></th>
<td class="colLast">
<div class="block">The credentials that prove the principal is correct.</div>
</td>
</tr>
<tr id="i2" class="altColor">
<td class="colFirst"><code>java.lang.Object</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="UsernamePasswordAuthenticationToken.html#getPrincipal()">getPrincipal</a></span>()</code></th>
<td class="colLast">
<div class="block">The identity of the principal being authenticated.</div>
</td>
</tr>
<tr id="i3" class="rowColor">
<td class="colFirst"><code>void</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="UsernamePasswordAuthenticationToken.html#setAuthenticated(boolean)">setAuthenticated</a></span>&#8203;(boolean&nbsp;isAuthenticated)</code></th>
<td class="colLast">
<div class="block">See <a href="../core/Authentication.html#isAuthenticated()"><code>Authentication.isAuthenticated()</code></a> for a full description.</div>
</td>
</tr>
</table>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.springframework.security.authentication.AbstractAuthenticationToken">

</a>
<h3>Methods inherited from class&nbsp;org.springframework.security.authentication.<a href="AbstractAuthenticationToken.html" title="class in org.springframework.security.authentication">AbstractAuthenticationToken</a></h3>
<code><a href="AbstractAuthenticationToken.html#equals(java.lang.Object)">equals</a>, <a href="AbstractAuthenticationToken.html#getAuthorities()">getAuthorities</a>, <a href="AbstractAuthenticationToken.html#getDetails()">getDetails</a>, <a href="AbstractAuthenticationToken.html#getName()">getName</a>, <a href="AbstractAuthenticationToken.html#hashCode()">hashCode</a>, <a href="AbstractAuthenticationToken.html#isAuthenticated()">isAuthenticated</a>, <a href="AbstractAuthenticationToken.html#setDetails(java.lang.Object)">setDetails</a>, <a href="AbstractAuthenticationToken.html#toString()">toString</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.java.lang.Object">

</a>
<h3>Methods inherited from class&nbsp;java.lang.Object</h3>
<code>clone, finalize, getClass, notify, notifyAll, wait, wait, wait</code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.java.security.Principal">

</a>
<h3>Methods inherited from interface&nbsp;java.security.Principal</h3>
<code>implies</code></li>
</ul>
</li>
</ul>
</section>
</li>
</ul>
</div>
<div class="details">
<ul class="blockList">
<li class="blockList">

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="constructor.detail">

</a>
<h3>Constructor Detail</h3>
<a id="&lt;init&gt;(java.lang.Object,java.lang.Object)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>UsernamePasswordAuthenticationToken</h4>
<pre>public&nbsp;UsernamePasswordAuthenticationToken&#8203;(java.lang.Object&nbsp;principal,
                                           java.lang.Object&nbsp;credentials)</pre>
<div class="block">This constructor can be safely used by any code that wishes to create a
<code>UsernamePasswordAuthenticationToken</code>, as the <a href="AbstractAuthenticationToken.html#isAuthenticated()"><code>AbstractAuthenticationToken.isAuthenticated()</code></a>
will return <code>false</code>.</div>
</li>
</ul>
<a id="&lt;init&gt;(java.lang.Object,java.lang.Object,java.util.Collection)">

</a>
<ul class="blockListLast">
<li class="blockList">
<h4>UsernamePasswordAuthenticationToken</h4>
<pre>public&nbsp;UsernamePasswordAuthenticationToken&#8203;(java.lang.Object&nbsp;principal,
                                           java.lang.Object&nbsp;credentials,
                                           java.util.Collection&lt;? extends <a href="../core/GrantedAuthority.html" title="interface in org.springframework.security.core">GrantedAuthority</a>&gt;&nbsp;authorities)</pre>
<div class="block">This constructor should only be used by <code>AuthenticationManager</code> or
<code>AuthenticationProvider</code> implementations that are satisfied with
producing a trusted (i.e. <a href="AbstractAuthenticationToken.html#isAuthenticated()"><code>AbstractAuthenticationToken.isAuthenticated()</code></a> = <code>true</code>)
authentication token.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>principal</code> - </dd>
<dd><code>credentials</code> - </dd>
<dd><code>authorities</code> - </dd>
</dl>
</li>
</ul>
</li>
</ul>
</section>

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="method.detail">

</a>
<h3>Method Detail</h3>
<a id="getCredentials()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>getCredentials</h4>
<pre class="methodSignature">public&nbsp;java.lang.Object&nbsp;getCredentials()</pre>
<div class="block"><span class="descfrmTypeLabel">Description copied from interface:&nbsp;<code><a href="../core/Authentication.html#getCredentials()">Authentication</a></code></span></div>
<div class="block">The credentials that prove the principal is correct. This is usually a password,
but could be anything relevant to the <code>AuthenticationManager</code>. Callers
are expected to populate the credentials.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the credentials that prove the identity of the <code>Principal</code></dd>
</dl>
</li>
</ul>
<a id="getPrincipal()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>getPrincipal</h4>
<pre class="methodSignature">public&nbsp;java.lang.Object&nbsp;getPrincipal()</pre>
<div class="block"><span class="descfrmTypeLabel">Description copied from interface:&nbsp;<code><a href="../core/Authentication.html#getPrincipal()">Authentication</a></code></span></div>
<div class="block">The identity of the principal being authenticated. In the case of an authentication
request with username and password, this would be the username. Callers are
expected to populate the principal for an authentication request.
<p>
The <tt>AuthenticationManager</tt> implementation will often return an
<tt>Authentication</tt> containing richer information as the principal for use by
the application. Many of the authentication providers will create a
<code>UserDetails</code> object as the principal.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <code>Principal</code> being authenticated or the authenticated
principal after authentication.</dd>
</dl>
</li>
</ul>
<a id="setAuthenticated(boolean)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>setAuthenticated</h4>
<pre class="methodSignature">public&nbsp;void&nbsp;setAuthenticated&#8203;(boolean&nbsp;isAuthenticated)
                      throws java.lang.IllegalArgumentException</pre>
<div class="block"><span class="descfrmTypeLabel">Description copied from interface:&nbsp;<code><a href="../core/Authentication.html#setAuthenticated(boolean)">Authentication</a></code></span></div>
<div class="block">See <a href="../core/Authentication.html#isAuthenticated()"><code>Authentication.isAuthenticated()</code></a> for a full description.
<p>
Implementations should <b>always</b> allow this method to be called with a
<code>false</code> parameter, as this is used by various classes to specify the
authentication token should not be trusted. If an implementation wishes to reject
an invocation with a <code>true</code> parameter (which would indicate the
authentication token is trusted - a potential security risk) the implementation
should throw an <code>IllegalArgumentException</code>.</div>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
<dd><code><a href="../core/Authentication.html#setAuthenticated(boolean)">setAuthenticated</a></code>&nbsp;in interface&nbsp;<code><a href="../core/Authentication.html" title="interface in org.springframework.security.core">Authentication</a></code></dd>
<dt><span class="overrideSpecifyLabel">Overrides:</span></dt>
<dd><code><a href="AbstractAuthenticationToken.html#setAuthenticated(boolean)">setAuthenticated</a></code>&nbsp;in class&nbsp;<code><a href="AbstractAuthenticationToken.html" title="class in org.springframework.security.authentication">AbstractAuthenticationToken</a></code></dd>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>isAuthenticated</code> - <code>true</code> if the token should be trusted (which may
result in an exception) or <code>false</code> if the token should not be trusted</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.IllegalArgumentException</code> - if an attempt to make the authentication token
trusted (by passing <code>true</code> as the argument) is rejected due to the
implementation being immutable or implementing its own alternative approach to
<a href="../core/Authentication.html#isAuthenticated()"><code>Authentication.isAuthenticated()</code></a></dd>
</dl>
</li>
</ul>
<a id="eraseCredentials()">

</a>
<ul class="blockListLast">
<li class="blockList">
<h4>eraseCredentials</h4>
<pre class="methodSignature">public&nbsp;void&nbsp;eraseCredentials()</pre>
<div class="block"><span class="descfrmTypeLabel">Description copied from class:&nbsp;<code><a href="AbstractAuthenticationToken.html#eraseCredentials()">AbstractAuthenticationToken</a></code></span></div>
<div class="block">Checks the <code>credentials</code>, <code>principal</code> and <code>details</code> objects,
invoking the <code>eraseCredentials</code> method on any which implement
<a href="../core/CredentialsContainer.html" title="interface in org.springframework.security.core"><code>CredentialsContainer</code></a>.</div>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
<dd><code><a href="../core/CredentialsContainer.html#eraseCredentials()">eraseCredentials</a></code>&nbsp;in interface&nbsp;<code><a href="../core/CredentialsContainer.html" title="interface in org.springframework.security.core">CredentialsContainer</a></code></dd>
<dt><span class="overrideSpecifyLabel">Overrides:</span></dt>
<dd><code><a href="AbstractAuthenticationToken.html#eraseCredentials()">eraseCredentials</a></code>&nbsp;in class&nbsp;<code><a href="AbstractAuthenticationToken.html" title="class in org.springframework.security.authentication">AbstractAuthenticationToken</a></code></dd>
</dl>
</li>
</ul>
</li>
</ul>
</section>
</li>
</ul>
</div>
</div>
</main>

<footer role="contentinfo">
<nav role="navigation">

<div class="bottomNav"><a id="navbar.bottom">

</a>
<div class="skipNav"><a href="UsernamePasswordAuthenticationToken.html#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div>
<a id="navbar.bottom.firstrow">

</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../index.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../index-all.html">Index</a></li>
<li><a href="../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="../../../../allclasses.html">All&nbsp;Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
  allClassesLink = document.getElementById("allclasses_navbar_bottom");
  if(window==top) {
    allClassesLink.style.display = "block";
  }
  else {
    allClassesLink.style.display = "none";
  }
  //-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="UsernamePasswordAuthenticationToken.html#constructor.summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="UsernamePasswordAuthenticationToken.html#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="UsernamePasswordAuthenticationToken.html#constructor.detail">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="UsernamePasswordAuthenticationToken.html#method.detail">Method</a></li>
</ul>
</div>
<a id="skip.navbar.bottom">

</a></div>

</nav>
</footer>
<script>if (window.parent == window) {(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)})(window,document,'script','//www.google-analytics.com/analytics.js','ga');ga('create', 'UA-2728886-23', 'auto', {'siteSpeedSampleRate': 100});ga('send', 'pageview');}</script><script defer src="https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194" integrity="sha512-Gi7xpJR8tSkrpF7aordPZQlW2DLtzUlZcumS8dMQjwDHEnw9I7ZLyiOj/6tZStRBGtGgN6ceN6cMH8z7etPGlw==" data-cf-beacon='{"rayId":"7040cd0e9b4f980c","token":"bffcb8a918ae4755926f76178bfbd26b","version":"2021.12.0","si":100}' crossorigin="anonymous"></script>
</body>
</html>
